Mobile Device Management in Office 365

Managing mobile devices and securing your endpoints is an important task, and there are many MDM solutions out there, including Microsoft’s own Intune. But what if you’re a small company? If you’re using Office 365, you can take advantage of the Mobile Device Management for Office 365 feature, which provides basic MDM capabilities such as ensuring that connecting devices aren’t jailbroken and have a device password set, and allowing remote wipe.

In this post I’ll walk through the administrative steps required to get the tenant ready for MDM, and how to apply it to users.

So, we browse to the Mobile Management section within the Office 365 portal and we are greeted with:


After clicking Let’s get started, and once the Microsoft automation tasks have completed and MDM is ready, we are greeted with:


The first thing is to complete the settings and clear the error.

To configure the tenant domain(s), you need to add two new CNAME records as per



Now, if you’re not going to have Apple devices, then you can, as it says, skip that configuration.

After clicking on Set up, we have to download the CSR from our account.


Next, we have to browse to the Apple portal.


Sign in with an Apple account (make sure it’s an account that isn’t tied to a specific user, so it can continue to be used, as the certificates will need renewing).


Click on Create a Certificate.


Accept the Terms of Use to continue.


Use the Choose File button to browse and select the CSR file generated earlier.


Once it has been processed, use the download button to download the PEM response file.


You can close out the Apple website and upload the PEM file.


Now we have a nice green tick to say we’re set up.


Now we need to create policies that can be applied to users. The first step is to ensure we have a group in Office 365 that we can apply the policy to.


After ensuring our groups are created we can create our Device Management policies.


We give the policy a name.


Now you can choose the policy options.


Then there are some additional options.


Next, we have the option to just save the policy, which will not apply it, or to apply the policy straight away.


Now we can browse to the group(s) we created earlier and add them.


Once the group(s) are added, we can continue.


We are given a summary of the policy.


Back in the portal, we can see that the policy has been created and that it is being turned on.


After a little while, we can see that its status has been set to on.


Now it is just a case of assigning users to the group, and they will get the policy assigned. I hope to cover the client experience in another post.
